Axe out the complete SSL_COMPAT stuff. Because Apache 2.0 is already (94b8c855) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

modules/ssl/README

+1 −0

Original line number	Diff line number	Diff line
		@@ -146,4 +146,5 @@
		from Apache 1.3 and this mod_ssl version for Apache 2.0:

		o The complete EAPI-based SSL_VENDOR stuff was removed.
		o The complete EAPI-based SSL_COMPAT stuff was removed.

modules/ssl/mod_ssl.h

+0 −7

Original line number	Diff line number	Diff line
		@@ -699,7 +699,6 @@ void ssl_init_ModuleKill(void *);
		/* Apache API hooks */
		void ssl_hook_AddModule(module *);
		void ssl_hook_RemoveModule(module *);
		char ssl_hook_RewriteCommand(cmd_parms , void , const char );
		void ssl_hook_NewConnection(conn_rec *);
		void ssl_hook_TimeoutConnection(int);
		void ssl_hook_CloseConnection(conn_rec *);
		@@ -817,12 +816,6 @@ int ssl_rand_seed(server_rec , pool , ssl_rsctx_t, char *);
		void ssl_ext_register(void);
		void ssl_ext_unregister(void);

		/* Compatibility */
		#ifdef SSL_COMPAT
		char ssl_compat_directive(server_rec , pool , const char );
		void ssl_compat_variables(request_rec *);
		#endif

		/* Utility Functions */
		char ssl_util_vhostid(pool , server_rec *);
		void ssl_util_strupper(char *);

modules/ssl/ssl_engine_compat.c

deleted100644 → 0

+0 −496

Original line number	Diff line number	Diff line
		/* _ _
		** _ __ ___ ___ __\| \| ___ ___\| \| mod_ssl
		** \| '_ ` _ \ / _ \ / _` \| / __/ __\| \| Apache Interface to OpenSSL
		** \| \| \| \| \| \| (_) \| (_\| \| \__ \__ \ \| www.modssl.org
		** \|_\| \|_\| \|_\|\___/ \__,_\|___\|___/___/_\| ftp.modssl.org
		** \|_____\|
		** ssl_engine_compat.c
		** Backward Compatibility
		*/

		/* ====================================================================
		* The Apache Software License, Version 1.1
		*
		* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
		* reserved.
		*
		* Redistribution and use in source and binary forms, with or without
		* modification, are permitted provided that the following conditions
		* are met:
		*
		* 1. Redistributions of source code must retain the above copyright
		* notice, this list of conditions and the following disclaimer.
		*
		* 2. Redistributions in binary form must reproduce the above copyright
		* notice, this list of conditions and the following disclaimer in
		* the documentation and/or other materials provided with the
		* distribution.
		*
		* 3. The end-user documentation included with the redistribution,
		* if any, must include the following acknowledgment:
		* "This product includes software developed by the
		* Apache Software Foundation (http://www.apache.org/)."
		* Alternately, this acknowledgment may appear in the software itself,
		* if and wherever such third-party acknowledgments normally appear.
		*
		* 4. The names "Apache" and "Apache Software Foundation" must
		* not be used to endorse or promote products derived from this
		* software without prior written permission. For written
		* permission, please contact apache@apache.org.
		*
		* 5. Products derived from this software may not be called "Apache",
		* nor may "Apache" appear in their name, without prior written
		* permission of the Apache Software Foundation.
		*
		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
		* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
		* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
		* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
		* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
		* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
		* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
		* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
		* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
		* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
		* SUCH DAMAGE.
		* ====================================================================
		*/

		/* ``Backward compatibility is for
		users who don't want to live
		on the bleeding edge.''
		-- Unknown */
		#ifdef SSL_COMPAT

		#include "mod_ssl.h"

		#if 0 /* XXX */

		/* _________________________________________________________________
		**
		** Backward Compatibility
		** _________________________________________________________________
		*/

		/*
		* The mapping of obsolete directives to official ones...
		*/

		static char ssl_compat_RequireSSL(pool , const char , const char , const char *);
		static char ssl_compat_SSLSessionLockFile(pool , const char , const char , const char *);
		static char ssl_compat_SSLCacheDisable(pool , const char , const char , const char *);
		static char ssl_compat_SSLRequireCipher(pool , const char , const char , const char *);
		static char ssl_compat_SSLBanCipher(pool , const char , const char , const char *);
		static char ssl_compat_SSL_SessionDir(pool , const char , const char , const char *);
		static char ssl_compat_words2list(pool , const char *);

		#define CRM_BEGIN /* nop */
		#define CRM_ENTRY(what,action) { what, action },
		#define CRM_END { NULL, NULL, NULL, NULL, NULL, NULL }
		#define CRM_CMD(cmd) cmd, NULL, NULL
		#define CRM_STR(str) NULL, str, NULL
		#define CRM_PAT(cmd) NULL, NULL, pat
		#define CRM_LOG(msg) msg, NULL, NULL
		#define CRM_SUB(new) NULL, new, NULL
		#define CRM_CAL(fct) NULL, NULL, fct

		static struct {
		char *cpCommand;
		char *cpSubstring;
		char *cpPattern;
		char *cpMessage;
		char *cpSubst;
		char (fpSubst)(pool , const char , const char , const char );
		} ssl_cmd_rewrite_map[] = {
		CRM_BEGIN

		/*
		* Apache-SSL 1.x & mod_ssl 2.0.x backward compatibility
		*/
		CRM_ENTRY( CRM_CMD("SSLEnable"), CRM_SUB("SSLEngine on") )
		CRM_ENTRY( CRM_CMD("SSLDisable"), CRM_SUB("SSLEngine off") )
		CRM_ENTRY( CRM_CMD("SSLLogFile"), CRM_SUB("SSLLog") )
		CRM_ENTRY( CRM_CMD("SSLRequiredCiphers"), CRM_SUB("SSLCipherSuite") )
		CRM_ENTRY( CRM_CMD("SSLRequireCipher"), CRM_CAL(ssl_compat_SSLRequireCipher) )
		CRM_ENTRY( CRM_CMD("SSLBanCipher"), CRM_CAL(ssl_compat_SSLBanCipher) )
		CRM_ENTRY( CRM_CMD("SSLFakeBasicAuth"), CRM_SUB("SSLOptions +FakeBasicAuth") )
		CRM_ENTRY( CRM_CMD("SSLCacheServerPath"), CRM_LOG("Use SSLSessionCache instead") )
		CRM_ENTRY( CRM_CMD("SSLCacheServerPort"), CRM_LOG("Use SSLSessionCache instead") )

		/*
		* Apache-SSL 1.x backward compatibility
		*/
		CRM_ENTRY( CRM_CMD("SSLExportClientCertificates"), CRM_SUB("SSLOptions +ExportCertData") )
		CRM_ENTRY( CRM_CMD("SSLCacheServerRunDir"), CRM_LOG("Not needed for mod_ssl") )

		/*
		* Sioux 1.x backward compatibility
		*/
		CRM_ENTRY( CRM_CMD("SSL_CertFile"), CRM_SUB("SSLCertificateFile") )
		CRM_ENTRY( CRM_CMD("SSL_KeyFile"), CRM_SUB("SSLCertificateKeyFile") )
		CRM_ENTRY( CRM_CMD("SSL_CipherSuite"), CRM_SUB("SSLCipherSuite") )
		CRM_ENTRY( CRM_CMD("SSL_X509VerifyDir"), CRM_SUB("SSLCACertificatePath") )
		CRM_ENTRY( CRM_CMD("SSL_Log"), CRM_SUB("SSLLogFile") )
		CRM_ENTRY( CRM_CMD("SSL_Connect"), CRM_SUB("SSLEngine") )
		CRM_ENTRY( CRM_CMD("SSL_ClientAuth"), CRM_SUB("SSLVerifyClient") )
		CRM_ENTRY( CRM_CMD("SSL_X509VerifyDepth"), CRM_SUB("SSLVerifyDepth") )
		CRM_ENTRY( CRM_CMD("SSL_FetchKeyPhraseFrom"), CRM_LOG("Use SSLPassPhraseDialog instead") )
		CRM_ENTRY( CRM_CMD("SSL_SessionDir"), CRM_CAL(ssl_compat_SSL_SessionDir) )
		CRM_ENTRY( CRM_CMD("SSL_Require"), CRM_LOG("Use SSLRequire instead (Syntax!)"))
		CRM_ENTRY( CRM_CMD("SSL_CertFileType"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSL_KeyFileType"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSL_X509VerifyPolicy"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSL_LogX509Attributes"), CRM_LOG("Not supported by mod_ssl") )

		/*
		* Stronghold 2.x backward compatibility
		*/
		CRM_ENTRY( CRM_CMD("StrongholdAccelerator"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("StrongholdKey"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("StrongholdLicenseFile"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLFlag"), CRM_SUB("SSLEngine") )
		CRM_ENTRY( CRM_CMD("SSLClientCAfile"), CRM_SUB("SSLCACertificateFile") )
		CRM_ENTRY( CRM_CMD("SSLSessionLockFile"), CRM_CAL(ssl_compat_SSLSessionLockFile) )
		CRM_ENTRY( CRM_CMD("SSLCacheDisable"), CRM_CAL(ssl_compat_SSLCacheDisable) )
		CRM_ENTRY( CRM_CMD("RequireSSL"), CRM_CAL(ssl_compat_RequireSSL) )
		CRM_ENTRY( CRM_CMD("SSLCipherList"), CRM_SUB("SSLCipherSuite") )
		CRM_ENTRY( CRM_CMD("SSLErrorFile"), CRM_LOG("Not needed for mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLRoot"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSL_CertificateLogDir"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("AuthCertDir"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSL_Group"), CRM_LOG("Not supported by mod_ssl") )
		#ifndef SSL_EXPERIMENTAL_PROXY
		CRM_ENTRY( CRM_CMD("SSLProxyMachineCertPath"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLProxyMachineCertFile"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLProxyCACertificatePath"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLProxyCACertificateFile"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLProxyVerifyDepth"), CRM_LOG("Not supported by mod_ssl") )
		CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_LOG("Not supported by mod_ssl") )
		#else
		CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_SUB("SSLProxyCipherSuite") )
		#endif

		CRM_END
		};

		static char *ssl_compat_RequireSSL(
		pool p, const char oline, const char cmd, const char args)
		{
		char *cp;

		for (cp = (char )args; ap_isspace(cp); cp++)
		;
		if (strcEQ(cp, "on"))
		return "SSLRequireSSL";
		return "";
		}

		static char *ssl_compat_SSLSessionLockFile(
		pool p, const char oline, const char cmd, const char args)
		{
		char *cp;

		for (cp = (char )args; ap_isspace(cp); cp++)
		;
		return ap_pstrcat(p, "SSLMutex file:", cp, NULL);
		}

		static char *ssl_compat_SSLCacheDisable(
		pool p, const char oline, const char cmd, const char args)
		{
		char *cp;

		for (cp = (char )args; ap_isspace(cp); cp++)
		;
		if (strcEQ(cp, "on"))
		return "SSLSessionCache none";
		return "";
		}

		static char ssl_compat_SSLRequireCipher(pool p, const char oline, const char cmd, const char *args)
		{
		return ap_pstrcat(p, "SSLRequire %{SSL_CIPHER} in {",
		ssl_compat_words2list(p, args),
		"}", NULL);
		}

		static char ssl_compat_SSLBanCipher(pool p, const char oline, const char cmd, const char *args)
		{
		return ap_pstrcat(p, "SSLRequire not (%{SSL_CIPHER} in {",
		ssl_compat_words2list(p, args),
		"})", NULL);
		}

		static char *ssl_compat_SSL_SessionDir(
		pool p, const char oline, const char cmd, const char args)
		{
		char *cp;

		for (cp = (char )args; ap_isspace(cp); cp++)
		;
		return ap_pstrcat(p, "SSLSessionCache dir:", cp, NULL);
		}

		static char ssl_compat_words2list(pool p, const char *oline)
		{
		char *line;
		char *cpB;
		char *cpE;
		char *cpI;
		char *cpO;
		char n;

		/*
		* Step 1: Determine borders
		*/
		cpB = (char *)oline;
		while (cpB == ' ' \|\| cpB == '\t')
		cpB++;
		cpE = cpB+strlen(cpB);
		while (cpE > cpB && ((cpE-1) == ' ' \|\| (cpE-1) == '\t'))
		cpE--;

		/*
		* Step 2: Determine final size and allocate buffer
		*/
		for (cpI = cpB, n = 1; cpI < cpE; cpI++)
		if ((cpI == ' ' \|\| cpI == '\t') &&
		(cpI > cpB && (cpI-1) != ' ' && (cpI-1) != '\t'))
		n++;
		line = ap_palloc(p, (cpE-cpB)+(n*2)+n+1);
		cpI = cpB;
		cpO = line;
		while (cpI < cpE) {
		if ( (cpI != ' ' && cpI != '\t')
		&& ( cpI == cpB
		\|\| ( cpI > cpB
		&& ((cpI-1) == ' ' \|\| (cpI-1) == '\t')))) {
		*cpO++ = '"';
		cpO++ = cpI++;
		}
		else if ( (cpI == ' ' \|\| cpI == '\t')
		&& ( cpI > cpB
		&& ((cpI-1) != ' ' && (cpI-1) != '\t'))) {
		*cpO++ = '"';
		*cpO++ = ',';
		cpO++ = cpI++;
		}
		else {
		cpO++ = cpI++;
		}
		}
		if (cpI > cpB && ((cpI-1) != ' ' && (cpI-1) != '\t'))
		*cpO++ = '"';
		*cpO++ = NUL;
		return line;
		}

		char ssl_compat_directive(server_rec s, pool p, const char oline)
		{
		int i;
		char *line;
		char *cp;
		char caCmd[1024];
		char *cpArgs;
		int match;

		/*
		* Skip comment lines
		*/
		cp = (char *)oline;
		while ((cp == ' ' \|\| cp == '\t' \|\| cp == '\n') && (cp != NUL))
		cp++;
		if (cp == '#' \|\| cp == NUL)
		return NULL;

		/*
		* Extract directive name
		*/
		cp = (char *)oline;
		for (i = 0; cp != ' ' && cp != '\t' && *cp != NUL && i < 1024; )
		caCmd[i++] = *cp++;
		caCmd[i] = NUL;
		cpArgs = cp;

		/*
		* Apply rewriting map
		*/
		line = NULL;
		for (i = 0; !(ssl_cmd_rewrite_map[i].cpCommand == NULL &&
		ssl_cmd_rewrite_map[i].cpPattern == NULL ); i++) {
		/*
		* Matching
		*/
		match = FALSE;
		if (ssl_cmd_rewrite_map[i].cpCommand != NULL) {
		if (strcEQ(ssl_cmd_rewrite_map[i].cpCommand, caCmd))
		match = TRUE;
		}
		else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) {
		if (strstr(oline, ssl_cmd_rewrite_map[i].cpSubstring) != NULL)
		match = TRUE;
		}
		else if (ssl_cmd_rewrite_map[i].cpPattern != NULL) {
		if (ap_fnmatch(ssl_cmd_rewrite_map[i].cpPattern, oline, 0))
		match = TRUE;
		}

		/*
		* Action Processing
		*/
		if (match) {
		if (ssl_cmd_rewrite_map[i].cpMessage != NULL) {
		ap_log_error(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, s,
		"mod_ssl:Compat: OBSOLETE '%s' => %s",
		oline, ssl_cmd_rewrite_map[i].cpMessage);
		line = "";
		break;
		}
		else if (ssl_cmd_rewrite_map[i].cpSubst != NULL) {
		if (ssl_cmd_rewrite_map[i].cpCommand != NULL)
		line = ap_pstrcat(p, ssl_cmd_rewrite_map[i].cpSubst,
		cpArgs, NULL);
		else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL)
		line = ssl_util_ptxtsub(p, oline, ssl_cmd_rewrite_map[i].cpSubstring,
		ssl_cmd_rewrite_map[i].cpSubst);
		else
		line = ssl_cmd_rewrite_map[i].cpSubst;
		break;
		}
		else if (ssl_cmd_rewrite_map[i].fpSubst != NULL) {
		line = ((char ()(pool , const char , const char , const char ))
		(ssl_cmd_rewrite_map[i].fpSubst))(p, oline, caCmd, cpArgs);
		break;
		}
		}
		}
		if (line != NULL && line[0] != NUL)
		ap_log_error(APLOG_MARK, APLOG_INFO\|APLOG_NOERRNO, s,
		"mod_ssl:Compat: MAPPED '%s' => '%s'", oline, line);
		return line;
		}

		/*
		* The mapping of obsolete environment variables to official ones...
		*/

		#define VRM_BEGIN /* nop */
		#define VRM_ENTRY(var,action) { var, action },
		#define VRM_END { NULL, NULL, NULL }
		#define VRM_VAR(old) old
		#define VRM_SUB(new) new, NULL
		#define VRM_LOG(msg) NULL, msg

		static struct {
		char *cpOld;
		char *cpNew;
		char *cpMsg;
		} ssl_var_rewrite_map[] = {
		VRM_BEGIN

		/*
		* Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x
		* and Stronghold 2.x backward compatibility
		*/
		VRM_ENTRY( VRM_VAR("SSL_PROTOCOL_VERSION"), VRM_SUB("SSL_PROTOCOL") )
		VRM_ENTRY( VRM_VAR("SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") )
		VRM_ENTRY( VRM_VAR("HTTPS_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") )
		VRM_ENTRY( VRM_VAR("HTTPS_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") )
		VRM_ENTRY( VRM_VAR("HTTPS_CIPHER"), VRM_SUB("SSL_CIPHER") )
		VRM_ENTRY( VRM_VAR("HTTPS_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATE"), VRM_SUB("SSL_SERVER_CERT") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_START"), VRM_SUB("SSL_SERVER_V_START") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_END"), VRM_SUB("SSL_SERVER_V_END") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_SERIAL"), VRM_SUB("SSL_SERVER_M_SERIAL") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_SERVER_A_SIG") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_DN"), VRM_SUB("SSL_SERVER_S_DN") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CN"), VRM_SUB("SSL_SERVER_S_DN_CN") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_EMAIL"), VRM_SUB("SSL_SERVER_S_DN_Email") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_O"), VRM_SUB("SSL_SERVER_S_DN_O") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_OU"), VRM_SUB("SSL_SERVER_S_DN_OU") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_C"), VRM_SUB("SSL_SERVER_S_DN_C") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_SP"), VRM_SUB("SSL_SERVER_S_DN_SP") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_L"), VRM_SUB("SSL_SERVER_S_DN_L") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_IDN"), VRM_SUB("SSL_SERVER_I_DN") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_ICN"), VRM_SUB("SSL_SERVER_I_DN_CN") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_IEMAIL"), VRM_SUB("SSL_SERVER_I_DN_Email") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_IO"), VRM_SUB("SSL_SERVER_I_DN_O") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_IOU"), VRM_SUB("SSL_SERVER_I_DN_OU") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_IC"), VRM_SUB("SSL_SERVER_I_DN_C") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_ISP"), VRM_SUB("SSL_SERVER_I_DN_SP") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_IL"), VRM_SUB("SSL_SERVER_I_DN_L") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERTIFICATE"), VRM_SUB("SSL_CLIENT_CERT") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_START"), VRM_SUB("SSL_CLIENT_V_START") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_END"), VRM_SUB("SSL_CLIENT_V_END") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_SERIAL"), VRM_SUB("SSL_CLIENT_M_SERIAL") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_CLIENT_A_SIG") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_DN"), VRM_SUB("SSL_CLIENT_S_DN") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_CN"), VRM_SUB("SSL_CLIENT_S_DN_CN") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_EMAIL"), VRM_SUB("SSL_CLIENT_S_DN_Email") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_O"), VRM_SUB("SSL_CLIENT_S_DN_O") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_OU"), VRM_SUB("SSL_CLIENT_S_DN_OU") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_C"), VRM_SUB("SSL_CLIENT_S_DN_C") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_SP"), VRM_SUB("SSL_CLIENT_S_DN_SP") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_L"), VRM_SUB("SSL_CLIENT_S_DN_L") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_IDN"), VRM_SUB("SSL_CLIENT_I_DN") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_ICN"), VRM_SUB("SSL_CLIENT_I_DN_CN") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_IEMAIL"), VRM_SUB("SSL_CLIENT_I_DN_Email") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_IO"), VRM_SUB("SSL_CLIENT_I_DN_O") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_IOU"), VRM_SUB("SSL_CLIENT_I_DN_OU") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_IC"), VRM_SUB("SSL_CLIENT_I_DN_C") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_ISP"), VRM_SUB("SSL_CLIENT_I_DN_SP") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_IL"), VRM_SUB("SSL_CLIENT_I_DN_L") )
		VRM_ENTRY( VRM_VAR("SSL_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") )
		VRM_ENTRY( VRM_VAR("SSL_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") )
		VRM_ENTRY( VRM_VAR("SSL_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") )
		VRM_ENTRY( VRM_VAR("SSL_SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") )

		VRM_ENTRY( VRM_VAR("SSL_STRONG_CRYPTO"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_SESSIONDIR"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATELOGDIR"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTFILE"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILE"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILETYPE"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") )
		VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") )

		VRM_END
		};

		void ssl_compat_variables(request_rec *r)
		{
		char *cpOld;
		char *cpNew;
		char *cpMsg;
		char *cpVal;
		int i;

		for (i = 0; ssl_var_rewrite_map[i].cpOld != NULL; i++) {
		cpOld = ssl_var_rewrite_map[i].cpOld;
		cpMsg = ssl_var_rewrite_map[i].cpMsg;
		cpNew = ssl_var_rewrite_map[i].cpNew;
		if (cpNew != NULL) {
		cpVal = ssl_var_lookup(r->pool, r->server, r->connection, r, cpNew);
		if (!strIsEmpty(cpVal))
		ap_table_set(r->subprocess_env, cpOld, cpVal);
		}
		else if (cpMsg != NULL) {
		/*
		* we cannot print a message, so we set at least
		* the variables content to the compat message
		*/
		ap_table_set(r->subprocess_env, cpOld, cpMsg);
		}
		}
		return;
		}

		#endif /* XXX */

		#endif /* SSL_COMPAT */

modules/ssl/ssl_engine_config.c

+0 −13

Original line number	Diff line number	Diff line
		@@ -326,19 +326,6 @@ void ssl_config_perdir_merge(pool p, void basev, void addv)
		return new;
		}

		/*
		* Directive Rewriting
		*/

		char ssl_hook_RewriteCommand(cmd_parms cmd, void config, const char cmd_line)
		{
		#ifdef SSL_COMPAT
		return ssl_compat_directive(cmd->server, cmd->pool, cmd_line);
		#else
		return NULL;
		#endif
		}

		#endif /* XXX */

		/*

modules/ssl/ssl_engine_kernel.c

+0 −8

Original line number	Diff line number	Diff line
		@@ -1260,14 +1260,6 @@ int ssl_hook_Fixup(request_rec *r)
		}
		}

		/*
		* On-demand bloat up the SSI/CGI environment with compat variables
		*/
		#ifdef SSL_COMPAT
		if (dc->nOptions & SSL_OPT_COMPATENVVARS)
		ssl_compat_variables(r);
		#endif

		return DECLINED;
		}